Any productive meeting should have a clear start and end time. Any additional meetings are taking up time that could otherwise be spent on work, so limiting your meetings can be the first “golden rule” to get success out of them.

Another massive time waster happens when people say “let’s meet at 10am Tuesday,” then don’t prepare ahead for the meeting. You probably have plenty of other reasons to have meetings, including specific project updates. Basically, if it doesn’t need a daily (or weekly) update, don’t book one! One of the quickest ways to lose engagement is if people feel that they’re at a “meeting for the sake of a meeting.” Perhaps you really don’t have much to say at a daily startup and those can be knocked back to twice a week. It’s time to step back for an honest assessment - does every meeting have value? Or, are you having a daily startup just because “that’s how we’ve always done it?” These will help you to maintain engagement with your participants and get the outcomes you are looking for: #1.

That means a bunch of people are holding virtual meetings, although not all of them are going well! If you’ve ever been frustrated during one of these meetings or walked away feeling that it could have been an email, or could have been shorter, then you’ve probably wished for a better way to conduct these meetings.

For meeting hosts, it’s important to take into account a few “golden rules” for successful meetings.

It also fixed a separate flaw that could have allowed attackers to mimic an organization and trick its employees or business partners into revealing personal or other confidential information via social engineering attacks.

Many businesses are now operating virtually, either by design or through necessity via the pandemic.

Just earlier this month, the company addressed a zero-day vulnerability in its Windows app that could allow an attacker to execute arbitrary code on a victim's computer running Windows 7 or older.
The video conferencing platform, which drew scrutiny for a number of security issues as its usage soared during the coronavirus pandemic, has quickly patched the flaws as they were uncovered, even going to the extent of announcing a 90-day freeze on releasing new features to "better identify, address, and fix issues proactively."

"The failure on the CSRF token made it even easier to abuse than it would be otherwise, but fixing that wouldn't provide much protection against this attack."

Following the findings, Zoom took the web client offline to mitigate the issues on April 2 before issuing a fix a week later.

"There was a CSRF HTTP header sent during this step, but if you omitted it then the request still seemed to just work fine anyway," Anthony said.

Separately, an issue was uncovered during the sign-in process using the web client, which employed a temporary redirect to seek customers' consent to its terms of service and privacy policy.

The researcher also found that the same procedure could be repeated even with scheduled meetings, which have the option to override the default passcode with a longer alphanumeric variant, and run it against a list of top 10 million passwords to brute-force a login.

The attack worked with recurring meetings, implying that bad actors could have had access to the ongoing meetings once the passcode was cracked.

"With improved threading, and distributing across 4-5 cloud servers you could check the entire password space within a few minutes," Anthony said.

The fact that meetings were, by default, secured by a six-digit code meant there could be only a maximum of one million passwords.

But in the absence of checks for repeated incorrect password attempts, an attacker can leverage Zoom's web client to continuously send HTTP requests to try all the one million combinations.
Anthony reported the security issue to the company on April 1, 2020, along with a Python-based proof-of-concept script, a week after which Zoom patched the flaw on April 9.